Unable to connect to personal website through modem unless I use VPN -- NOT using Xfinity modem

Starting about 2 weeks ago, I was no longer able to access my personal website via my modem. I can access pretty much the rest of the internet, just not my personal website. I suspect Xfinity is blocking it, since I can access my website:

via 4G LTE on my phone;
if I use a VPN through my modem.

Thus, the website is obviously up and working; it only fails when I use Xfinity "in the clear".

I cannot access the website through my modem without VPN, regardless of:

device,
browser, or
operating system.

I found several posts with similar complaints, but the posters all use an Xfinity-supplied modem. I have a Netgear C7000, not Xfinity-supplied.

What should I do to access my website, short of using VPN all the time and/or hoping that someone else finally breaks Xfinity's monopoly on high-speed internet in my area?

I don't know if this is related, but the xfinitywifi hotspots in my area don't seem to be working.

In case it helps clarify, here are some things Xfinity support has told me to do over the last two weeks, along with the results.

Various problems related to their determination to blame my modem.
- Turn my modem off, then back on.
- Check my modem settings to verify it wasn't blocking the website.
- Reset my modem.
  - I even performed a factory reset.
- I'm reasonably sure at this point the problem isn't my modem.
Visit https://downforeveryoneorjustme.com/ . "It's just you."
Visit a site to test my IPv6 connectivity. "10/10"
Use a different browser.
Use a different device.

Responses

Accepted Solution

cantanima

New Poster

•

11 Messages

3 years ago

Turns out the problem was due to both Comcast and my website host.

Solution

Someone at Comcast who knew what he was talking about finally called me (see below on the magic required for that to happen). He admitted that Xfinity employs a security mechanism that delays delivery of information upon detecting a discrepancy between the DNS and the PRT record. This delay makes it seem they are blocking the data; it actually causes a "timeout" error. I don't quite remember the details, so I won't try to explain more than that, and apologize if I've erred on some detail, but "DNS" and "PRT record" are involved.

As it happens, my website host was in the process of changing servers, and they had done something not quite correctly. Once I notified them of the issue, they fixed the problem quickly. My website has been functioning properly for several days now.

Now, how in the end did I get a straight answer from Comcast?

I found a "contact our VP" link somewhere on the website. Within a day, someone got back to me, found the ticket, asked me again for the details, did enough investigation to say he'd have to forward it to the regional group. Within a day, if not within hours, someone from regional called me, for the first time indicated familiarity with the ticket, described the probably cause, and how I could get it fixed by talking to my website host.

Until then I lost two weeks dealing with Xfinity's customer support

Two representatives were unable to locate my ticket even when I provided the correct number.
A third representative tied me up for two hours trying "solutions" I'd already had to try or that I knew were pointless, after lying to me that he was the "higher tier" support I'd been promised. He finally admitted that he wasn't the higher tier and said he'd escalate the ticket.
On at least three occasions they promised to escalate my ticket, which never happened.
On at least two occasions I was promised a callback, which never happened.
About the only thing positive I can say is that they were courteous.

Competent customer service should not depend on contacting the VP.

(edited)

EG

Expert

•

110.4K Messages

3 years ago

Please post the output of a traceroute to the URL of the site.

cantanima

New Poster

•

11 Messages

@EG

Sure, no problem.

 1  _gateway (192.168.0.1)  11.266 ms * *
 2  96.120.32.133 (96.120.32.133)  77.224 ms  77.147 ms  77.074 ms
 3  96.108.88.237 (96.108.88.237)  84.918 ms  84.838 ms  84.742 ms
 4  96.108.29.29 (96.108.29.29)  84.674 ms  84.603 ms  84.505 ms
 5  162.151.118.241 (162.151.118.241)  84.431 ms  84.360 ms  84.456 ms
 6  96.108.28.126 (96.108.28.126)  85.198 ms  132.810 ms  110.378 ms
 7  162.151.119.237 (162.151.119.237)  110.213 ms  17.219 ms  21.946 ms
 8  be-61-ar02.winchester.tn.malt.comcast.net (96.108.28.85)  29.265 ms  34.790 ms  34.510 ms
 9  be-34922-cs02.56marietta.ga.ibone.comcast.net (96.110.40.69)  49.896 ms be-34932-cs03.56marietta.ga.ibone.comcast.net (96.110.40.73)  53.539 ms  57.635 ms
10  be-2111-pe11.56marietta.ga.ibone.comcast.net (96.110.32.22)  57.554 ms be-2211-pe11.56marietta.ga.ibone.comcast.net (96.110.32.26)  91.669 ms be-2311-pe11.56marietta.ga.ibone.comcast.net (96.110.32.30)  91.602 ms
11  * * *
12  be2847.ccr41.atl01.atlas.cogentco.com (154.54.6.101)  91.259 ms be2848.ccr42.atl01.atlas.cogentco.com (154.54.6.117)  92.060 ms be2847.ccr41.atl01.atlas.cogentco.com (154.54.6.101)  55.570 ms
13  be3373.agr22.atl01.atlas.cogentco.com (154.54.44.78)  55.370 ms  55.264 ms be3372.agr21.atl01.atlas.cogentco.com (154.54.41.254)  42.822 ms
14  * te0-0-1-2.nr11.b000122-15.atl01.atlas.cogentco.com (154.24.74.202)  50.321 ms *
15  * * 38.140.168.146 (38.140.168.146)  57.120 ms
16  border1.ae2-bbnet2.acs.pnap.net (64.94.0.91)  64.682 ms border2.ae1-bbnet1.acs.pnap.net (64.94.0.5)  64.617 ms border1.ae1-bbnet1.acs.pnap.net (64.94.0.4)  64.549 ms
17  knownhost-3.satedge1.acs.pnap.net (64.94.2.46)  64.485 ms knownhost-3.satedge2.acs.pnap.net (64.94.3.94)  150.292 ms knownhost-3.satedge1.acs.pnap.net (64.94.2.46)  150.229 ms
18  64.74.203.46 (64.74.203.46)  150.102 ms  150.036 ms  100.128 ms
19  ssd67-ga.privatesystems.net (64.74.200.67)  180.948 ms  180.871 ms  180.803 ms
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

3 years ago

EG

Expert

•

110.4K Messages

3 years ago

Your packets are making it far past the Comcast web space and even through the third-party backbone provider's web spaces. It appears that your Comcast assigned WAN / public IP address is being blocked internally by the web hosting service (PrivateSystems.net) for whatever the reason may be. Suggest that you contact the web host / site admin concerning this issue.

(edited)

cantanima

New Poster

•

11 Messages

@EG Thank you for the quick reply. Two questions, with a comment:

1. Which web hosting service?

2. Does it matter that I connect via DHCP, not via a static address, and I've unplugged & reset several times since then, so I'd imagine my assigned IP address would have changed?

I actually first contacted my website hosting service, thinking that they had some sort of problem. At their request I sent my IP address first, then a copy of the traceroute. They looked at both and said (a) they weren't blocking my IP address, and (b) the traceroute suggested an issue with Comcast.

Then, when I first called Comcast about it, the representative stated that Comcast was probably blocking my website for my security. I have a feeling that's wrong; I haven't found Comcast's customer service to do a good job even keeping basic records of complaints.

(edited)

3 years ago

EG

Expert

•

110.4K Messages

@cantanima

@EG Thank you for the quick reply.

My pleasure !

Two questions, with a comment:

1. Which web hosting service?

Whoever it is that you are paying to host your personal website. Is it "PrivateSystems.net" as shown in hop #19 ?

2. Does it matter that I connect via DHCP, not via a static address, and I've unplugged & reset several times since then, so I'd imagine my assigned IP address would have changed.

Your WAN / public IP won't change with a power cycle / reboot operation as the address assignments from Comcast are known as being *sticky dynamic*.

I actually first contact my website hosting service, and at their request sent a copy of the traceroute. They looked at it and said they weren't blocking it, and suggested that I talk to Comcast.

Unbelieveable.... The trace output doesn't lie. It obvious that your are not being blocked at any of the transit routers along the route.

If that C7000 has a MAC address cloning feature, you can clone a different MAC address in to it. This will force a change of your Comcast assigned WAN / public IP address so then you may be able to reach the site. No guarantees / YMMV. The new IP may be from the same block of addresses and also may be blocked. Good luck !

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer! tick

3 years ago

cantanima

New Poster

•

11 Messages

@EG Thank you for the reply. I will talk to my website host. They are not "privatesystems.net" but for all I know they are using "privatesystems.net" as a backend.

I personally don't know how to read a traceroute. Can you tell me where the Comcast web space ends, so that I can pass this on to my hosting provider? He's always been good about issues in the past, whereas Comcast... in all my calls, where I even offered to send them a traceroute, they declined.

3 years ago

EG

Expert

•

110.4K Messages

@cantanima

Yes. Hop #10 marietta.ga.ibone.comcast.net

3 years ago

Your Home Network

cantanima

Unable to connect to personal website through modem unless I use VPN -- NOT using Xfinity modem

cantanima

Solution

Now, how in the end did I get a straight answer from Comcast?

Until then I lost two weeks dealing with Xfinity's customer support

EG

cantanima

EG

cantanima

EG

cantanima

EG

New to the Community?